2018-09-11 18:31:47 +02:00
|
|
|
#!/bin/bash
|
2018-09-11 18:35:00 +02:00
|
|
|
# Vérification root
|
|
|
|
|
if [ `whoami` != 'root' ];
|
|
|
|
|
then
|
|
|
|
|
exit
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Initialisation des variables
|
2018-09-11 18:31:47 +02:00
|
|
|
SOURCE=`pwd`
|
|
|
|
|
echo ' __ __ _____ ____ ____ _____ ______'
|
|
|
|
|
echo ' \ \ / / /\ | __ \ / __ \| _ \ /\ / ____| ____|'
|
|
|
|
|
echo ' \ V / / \ | |__) | | | | |_) | / \ | (___ | |__'
|
|
|
|
|
echo ' > < / /\ \ | _ /| | | | _ < / /\ \ \___ \| __|'
|
|
|
|
|
echo ' / . \ / ____ \| | \ \| |__| | |_) / ____ \ ____) | |____'
|
|
|
|
|
echo ' /_/ \_\/_/ \_\_| \_\\____/|____/_/ \_\_____/|______|'
|
|
|
|
|
echo ' _____ __ _'
|
|
|
|
|
echo '/ ___| / _| |'
|
|
|
|
|
echo '\ `--. ___ | |_| |___ ____ _ _ __ ___'
|
|
|
|
|
echo ' `--. \/ _ \| _| __\ \ /\ / / _` | '__/ _ \'
|
|
|
|
|
echo '/\__/ / (_) | | | |_ \ V V / (_| | | | __/'
|
|
|
|
|
echo '\____/ \___/|_| \__| \_/\_/ \__,_|_| \___|'
|
|
|
|
|
echo ""
|
2020-03-16 08:43:02 +01:00
|
|
|
echo "Programme de déploiement de service OpenVPN (V3)"
|
2018-09-11 18:31:47 +02:00
|
|
|
echo ""
|
2018-09-11 18:35:00 +02:00
|
|
|
read -p "Ce script s'adresse aux utilisateurs expérimentés. Voulez-vous continuer ? (o/N) : " CONFIRM
|
2018-09-11 18:31:47 +02:00
|
|
|
CONFIRM=${CONFIRM^^}
|
|
|
|
|
if [ $CONFIRM != 'O' ];
|
|
|
|
|
then
|
|
|
|
|
exit
|
|
|
|
|
fi
|
|
|
|
|
echo "#######################"
|
|
|
|
|
echo "# Lancement du script #"
|
|
|
|
|
echo "#######################"
|
|
|
|
|
|
|
|
|
|
# Installation des mises à jours
|
|
|
|
|
echo "########################################"
|
|
|
|
|
echo "# Début de la procédure de mise à jour #"
|
|
|
|
|
echo "########################################"
|
|
|
|
|
apt-get update
|
|
|
|
|
apt-get upgrade -y
|
|
|
|
|
echo "-- Mise à jour terminé !"
|
|
|
|
|
|
|
|
|
|
# Services à déployer
|
|
|
|
|
echo "#######################"
|
|
|
|
|
echo "# Services à déployer #"
|
|
|
|
|
echo "#######################"
|
2018-09-11 18:35:00 +02:00
|
|
|
read -p "Voulez-vous déployer le service VPN ? (o/N) : " VPN
|
2018-09-11 18:31:47 +02:00
|
|
|
VPN=${VPN^^}
|
|
|
|
|
|
|
|
|
|
# Récupération interface
|
|
|
|
|
read -p "Quel est l'interface réseau à utilisé ? : " INTERFACE
|
|
|
|
|
INTERFACE=${INTERFACE,,}
|
|
|
|
|
|
|
|
|
|
if [ $VPN == 'O' ];
|
|
|
|
|
then
|
|
|
|
|
|
|
|
|
|
# Installation VPN
|
|
|
|
|
echo "######################################"
|
|
|
|
|
echo "# Lancement de l'installation du VPN #"
|
|
|
|
|
echo "######################################"
|
|
|
|
|
apt-get install openssl -y
|
|
|
|
|
echo "-- Installation de OpenSSL terminé !"
|
|
|
|
|
apt-get install openvpn -y
|
|
|
|
|
echo "-- Installation de OpenVPN terminé !"
|
|
|
|
|
apt-get install easy-rsa -y
|
|
|
|
|
echo "-- Installation de Easy-RSA terminé !"
|
|
|
|
|
apt-get install ipcalc -y
|
|
|
|
|
echo "-- Installation de IPCALC terminé !"
|
|
|
|
|
apt-get install zip -y
|
2020-03-16 08:43:02 +01:00
|
|
|
echo "-- Installation de ZIP terminé !"
|
|
|
|
|
apt-get install iptables-persistent -y
|
|
|
|
|
echo "-- Installation de iptables-persistent terminé !"
|
2018-09-11 18:31:47 +02:00
|
|
|
|
|
|
|
|
# Questions VPN et définition des variables
|
|
|
|
|
echo "########################"
|
|
|
|
|
echo "# Configuration du VPN #"
|
|
|
|
|
echo "########################"
|
2018-09-11 18:35:00 +02:00
|
|
|
read -p "Entrer le code pays du certificat : " KEY_COUNTRY
|
2018-09-11 18:31:47 +02:00
|
|
|
KEY_COUNTRY=${KEY_COUNTRY^^}
|
|
|
|
|
read -p "Entrer le département du certificat : " KEY_PROVINCE
|
|
|
|
|
read -p "Entrer la ville du certificat : " KEY_CITY
|
|
|
|
|
read -p "Entrer le nom de l'organisation du certificat : " KEY_ORG
|
|
|
|
|
read -p "Entrer l'unité d'organisation du certificat : " KEY_OU
|
|
|
|
|
read -p "Entrer l'adresse email de contact du certificat : " KEY_EMAIL
|
2018-09-11 18:35:00 +02:00
|
|
|
read -p "Entrer le nom de l'instance VPN : " VPN_NAME
|
2018-09-11 18:31:47 +02:00
|
|
|
VPN_NAME=${VPN_NAME,,}
|
2018-09-11 18:35:00 +02:00
|
|
|
read -p "Entrer le port de l'instance VPN : " VPN_PORT
|
|
|
|
|
read -p "Entrer l'adresse réseau de votre réseau VPN : " VPN_NETWORK
|
2018-09-11 18:31:47 +02:00
|
|
|
read -p "Entrer le masque de votre réseau VPN : " VPN_NETMASK
|
|
|
|
|
read -p "Entrer le FQDN de votre serveur : " VPN_ADRESSE
|
|
|
|
|
VPN_ADRESSE=${VPN_ADRESSE,,}
|
|
|
|
|
read -p "Entrer le DNS que votre client utilisera : " VPN_DNS
|
2018-09-11 18:35:00 +02:00
|
|
|
read -p "Entrer le TLD de votre réseau VPN : " VPN_TLD
|
2018-09-11 18:31:47 +02:00
|
|
|
VPN_TLD=${VPN_TLD,,}
|
2020-03-16 08:43:02 +01:00
|
|
|
read -p "Entre le nom du certificat client de l'instance VPN : " VPN_USER
|
2018-09-11 18:31:47 +02:00
|
|
|
VPN_USER=${VPN_USER,,}
|
2018-09-11 18:35:00 +02:00
|
|
|
read -p "Voulez-vous sécuriser le certificat client par un mot de passe ? (o/N) : " VPN_USER_PASS
|
2020-03-16 08:43:02 +01:00
|
|
|
VPN_USER_PASS=${VPN_USER_PASS^^}
|
2018-09-11 18:31:47 +02:00
|
|
|
VPN_NETWORK=`ipcalc $VPN_NETWORK $VPN_NETMASK | grep Network | awk -F" " '{print $2}' | awk -F"/" '{print $1}'`
|
|
|
|
|
|
2018-09-11 18:35:00 +02:00
|
|
|
# Configuration VPN
|
2018-09-11 18:31:47 +02:00
|
|
|
echo "###################################"
|
|
|
|
|
echo "# Génération du certifiat serveur #"
|
|
|
|
|
echo "###################################"
|
2020-03-16 08:43:02 +01:00
|
|
|
make-cadir /etc/openvpn/easy-rsa/
|
2018-09-11 18:31:47 +02:00
|
|
|
echo "-- easy-rsa copié !"
|
|
|
|
|
echo "" > /etc/openvpn/easy-rsa/vars
|
2020-03-16 08:43:02 +01:00
|
|
|
echo -e "set_var EASYRSA_DN\t\"org\"\nset_var EASYRSA_REQ_COUNTRY\t\"$KEY_COUNTRY\"\nset_var EASYRSA_REQ_PROVINCE\t\"$KEY_PROVINCE\"\nset_var EASYRSA_REQ_CITY\t\"$KEY_CITY\"\nset_var EASYRSA_REQ_ORG\t\t\"$KEY_ORG\"\nset_var EASYRSA_REQ_OU\t\t\"$KEY_OU\"\nset_var EASYRSA_REQ_EMAIL\t\"$KEY_EMAIL\"\nset_var EASYRSA_KEY_SIZE\t8192\nset_var EASYRSA_CA_EXPIRE\t3650\nset_var EASYRSA_CERT_EXPIRE\t3650" >> /etc/openvpn/easy-rsa/vars
|
2018-09-11 18:31:47 +02:00
|
|
|
echo "-- easy-rsa modifié !"
|
|
|
|
|
cd /etc/openvpn/easy-rsa
|
2020-03-16 08:43:02 +01:00
|
|
|
./easyrsa init-pki
|
|
|
|
|
./easyrsa gen-dh
|
|
|
|
|
./easyrsa build-ca nopass
|
|
|
|
|
./easyrsa gen-req $VPN_NAME nopass
|
|
|
|
|
./easyrsa sign-req server $VPN_NAME
|
|
|
|
|
openvpn --genkey --secret /etc/openvpn/ta.key
|
2018-09-11 18:31:47 +02:00
|
|
|
echo "-- Certificat généré !"
|
2020-03-16 08:43:02 +01:00
|
|
|
cp /etc/openvpn/easy-rsa/pki/ca.crt /etc/openvpn/easy-rsa/pki/issued/$VPN_NAME.crt /etc/openvpn/easy-rsa/pki/private/$VPN_NAME.key /etc/openvpn/easy-rsa/pki/dh.pem /etc/openvpn/
|
2018-09-11 18:31:47 +02:00
|
|
|
echo "-- Copie du certificat !"
|
|
|
|
|
echo "####################################"
|
|
|
|
|
echo "# Copie de la configuration du VPN #"
|
|
|
|
|
echo "####################################"
|
|
|
|
|
mkdir /etc/openvpn/jail
|
|
|
|
|
mkdir /etc/openvpn/jail/tmp
|
|
|
|
|
mkdir /etc/openvpn/clientconf
|
|
|
|
|
touch /etc/openvpn/$VPN_NAME.conf
|
2020-03-16 08:43:02 +01:00
|
|
|
echo -e "mode server\nproto tcp\nport $VPN_PORT\ndev tun\ntopology subnet\nca ca.crt\ncert $VPN_NAME.crt\nkey $VPN_NAME.key\ndh dh.pem\ntls-auth ta.key 1\nkey-direction 0\ncipher AES-256-CBC\nserver $VPN_NETWORK $VPN_NETMASK\npush \"redirect-gateway def1\"\npush \"dhcp-option DNS $VPN_DNS\"\npush \"dhcp-option DOMAIN $VPN_TLD\"\nkeepalive 10 120\nclient-to-client\nuser nobody\ngroup nogroup\nchroot /etc/openvpn/jail\npersist-key\npersist-tun\ncomp-lzo\nduplicate-cn\nverb 3\nmute 20\nstatus openvpn-status.log\nlog-append /var/log/openvpn.log" >> /etc/openvpn/$VPN_NAME.conf
|
2018-09-11 18:31:47 +02:00
|
|
|
echo "-- Fichiers créés !"
|
|
|
|
|
echo "################################"
|
|
|
|
|
echo "# Activation du routage et NAT #"
|
|
|
|
|
echo "################################"
|
|
|
|
|
sed -i -e "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g" /etc/sysctl.conf
|
|
|
|
|
echo "-- Routage activé !"
|
2020-03-16 08:43:02 +01:00
|
|
|
/sbin/iptables -I FORWARD -i tun0 -j ACCEPT
|
|
|
|
|
/sbin/iptables -I FORWARD -o tun0 -j ACCEPT
|
|
|
|
|
/sbin/iptables -I INPUT -i tun0 -j ACCEPT
|
|
|
|
|
/sbin/iptables -I OUTPUT -o tun0 -j ACCEPT
|
|
|
|
|
/sbin/iptables -t nat -A POSTROUTING -o $INTERFACE -j MASQUERADE
|
|
|
|
|
/sbin/iptables-save > /etc/iptables/rules.v4
|
2018-09-11 18:31:47 +02:00
|
|
|
echo "-- Règles NAT activé !"
|
|
|
|
|
echo "##################################"
|
2020-03-16 08:43:02 +01:00
|
|
|
echo "# Génération du certifiat client #"
|
|
|
|
|
echo "##################################"
|
2018-09-11 18:31:47 +02:00
|
|
|
if [ $VPN_USER_PASS == 'O' ];
|
|
|
|
|
then
|
|
|
|
|
echo "Entrer le mot de passe du certificat client : "
|
2020-03-16 08:43:02 +01:00
|
|
|
./easyrsa gen-req $VPN_USER
|
2018-09-11 18:31:47 +02:00
|
|
|
else
|
2020-03-16 08:43:02 +01:00
|
|
|
./easyrsa gen-req $VPN_USER nopass
|
2018-09-11 18:31:47 +02:00
|
|
|
fi
|
2020-03-16 08:43:02 +01:00
|
|
|
./easyrsa sign-req client $VPN_USER
|
2018-09-11 18:31:47 +02:00
|
|
|
echo "-- Certificat créé !"
|
|
|
|
|
mkdir /etc/openvpn/clientconf/$VPN_USER
|
2020-03-16 08:43:02 +01:00
|
|
|
cp /etc/openvpn/ca.crt /etc/openvpn/ta.key /etc/openvpn/easy-rsa/pki/issued/$VPN_USER.crt /etc/openvpn/easy-rsa/pki/private/$VPN_USER.key /etc/openvpn/clientconf/$VPN_USER/
|
2018-09-11 18:31:47 +02:00
|
|
|
echo "-- Certificat copié !"
|
|
|
|
|
touch /etc/openvpn/clientconf/$VPN_USER/client.conf
|
|
|
|
|
echo -e "client\ndev tun\nproto tcp-client\nremote $VPN_ADRESSE $VPN_PORT\nresolv-retry infinite\ncipher AES-256-CBC\nca ca.crt\ncert $VPN_USER.crt\nkey $VPN_USER.key\ntls-auth ta.key 1\nkey-direction 1\nnobind\npersist-key\npersist-tun\ncomp-lzo\nverb 3\nauth-nocache" >> /etc/openvpn/clientconf/$VPN_USER/client.conf
|
|
|
|
|
cp /etc/openvpn/clientconf/$VPN_USER/client.conf /etc/openvpn/clientconf/$VPN_USER/client.ovpn
|
|
|
|
|
echo "-- Configuration généré !"
|
|
|
|
|
zip /etc/openvpn/clientconf/$VPN_USER.zip /etc/openvpn/clientconf/$VPN_USER/*.*
|
|
|
|
|
echo "-- Archive créé !"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Redémarrage des services
|
|
|
|
|
echo "############################"
|
|
|
|
|
echo "# Redémarrage des services #"
|
|
|
|
|
echo "############################"
|
|
|
|
|
if [ $VPN == 'O' ];
|
|
|
|
|
then
|
|
|
|
|
service openvpn restart
|
|
|
|
|
echo "-- OpenVPN redémarré !"
|
|
|
|
|
fi
|
|
|
|
|
cd $SOURCE
|
|
|
|
|
|
|
|
|
|
# Ajout de la vérification XAROBASE
|
|
|
|
|
FILE=`cat /etc/XAROBASE`
|
|
|
|
|
|
|
|
|
|
if [ -z $FILE ] || [ $FILE != 'INSTALLED' ];
|
|
|
|
|
then
|
|
|
|
|
# Ajout du motd
|
|
|
|
|
touch /etc/XAROBASE
|
|
|
|
|
echo "INSTALLED" > /etc/XAROBASE
|
|
|
|
|
echo "" > /etc/motd
|
|
|
|
|
echo ' __ __ _____ ____ ____ _____ ______' >> /etc/motd
|
|
|
|
|
echo ' \ \ / / /\ | __ \ / __ \| _ \ /\ / ____| ____|' >> /etc/motd
|
|
|
|
|
echo ' \ V / / \ | |__) | | | | |_) | / \ | (___ | |__' >> /etc/motd
|
|
|
|
|
echo ' > < / /\ \ | _ /| | | | _ < / /\ \ \___ \| __|' >> /etc/motd
|
|
|
|
|
echo ' / . \ / ____ \| | \ \| |__| | |_) / ____ \ ____) | |____' >> /etc/motd
|
|
|
|
|
echo ' /_/ \_\/_/ \_\_| \_\\____/|____/_/ \_\_____/|______|' >> /etc/motd
|
|
|
|
|
echo ' _____ __ _' >> /etc/motd
|
|
|
|
|
echo '/ ___| / _| |' >> /etc/motd
|
|
|
|
|
echo '\ `--. ___ | |_| |___ ____ _ _ __ ___' >> /etc/motd
|
|
|
|
|
echo ' `--. \/ _ \| _| __\ \ /\ / / _` | '__/ _ \' >> /etc/motd
|
|
|
|
|
echo '/\__/ / (_) | | | |_ \ V V / (_| | | | __/' >> /etc/motd
|
|
|
|
|
echo '\____/ \___/|_| \__| \_/\_/ \__,_|_| \___|' >> /etc/motd
|
|
|
|
|
echo -e "\n\t\t\t\t\t\t${HOSTNAME^^}" >> /etc/motd
|
|
|
|
|
echo '' >> /etc/motd
|
|
|
|
|
fi
|
|
|
|
|
if [ $VPN == 'O' ];
|
|
|
|
|
then
|
|
|
|
|
echo "-- Service VPN" >> /etc/motd
|
|
|
|
|
fi
|
|
|
|
|
echo "#########################"
|
|
|
|
|
echo "# Fin de l'installation #"
|
|
|
|
|
echo "#########################"
|
|
|
|
|
echo "Vous disposé maintenant des services suivant : "
|
|
|
|
|
if [ $VPN == 'O' ];
|
|
|
|
|
then
|
|
|
|
|
echo "-- Service VPN"
|
|
|
|
|
echo "Vous pouvez vous connecter au serveur avec un client grâce à l'archive présente dans /etc/openvpn/clientconf/$VPN_USER.zip"
|
|
|
|
|
echo "Un redémarrage est nécessaire !"
|
2018-09-11 18:35:00 +02:00
|
|
|
fi
|
